Winlogon


In computing, Winlogon is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running. The actual obtainment and verification of user credentials is left to other components.
Winlogon is a common target for several threats that could modify its function and memory usage. Increased memory usage for this process might indicate that it has been "hijacked".
In Windows Vista and later operating systems, Winlogon's roles and responsibilities have changed significantly.

Overview

Winlogon handles interface functions that are independent of authentication policy. It creates the desktops for the window station, implements time-out operations, and in versions of Windows prior to Windows Vista, provides a set of support functions for the GINA and takes responsibility for configuring machine and user Group Policy.
Winlogon also checks if the copy of Windows is a legitimate license starting in Windows XP and later.
Winlogon has the following responsibilities: